1// Code generated by smithy-go-codegen DO NOT EDIT. 2 3package s3 4 5import ( 6 "context" 7 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" 8 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" 9 s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" 10 "github.com/aws/aws-sdk-go-v2/service/s3/types" 11 "github.com/aws/smithy-go/middleware" 12 smithyhttp "github.com/aws/smithy-go/transport/http" 13) 14 15// Sets the permissions on an existing bucket using access control lists (ACL). For 16// more information, see Using ACLs 17// (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). To set 18// the ACL of a bucket, you must have WRITE_ACP permission. You can use one of the 19// following two ways to set a bucket's permissions: 20// 21// * Specify the ACL in the 22// request body 23// 24// * Specify permissions using request headers 25// 26// You cannot specify 27// access permission using both the body and the request headers. Depending on your 28// application needs, you may choose to set the ACL on a bucket using either the 29// request body or the headers. For example, if you have an existing application 30// that updates a bucket ACL using the request body, then you can continue to use 31// that approach. Access Permissions You can set access permissions using one of 32// the following methods: 33// 34// * Specify a canned ACL with the x-amz-acl request 35// header. Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each 36// canned ACL has a predefined set of grantees and permissions. Specify the canned 37// ACL name as the value of x-amz-acl. If you use this header, you cannot use other 38// access control-specific headers in your request. For more information, see 39// Canned ACL 40// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). 41// 42// * 43// Specify access permissions explicitly with the x-amz-grant-read, 44// x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control 45// headers. When using these headers, you specify explicit access permissions and 46// grantees (AWS accounts or Amazon S3 groups) who will receive the permission. If 47// you use these ACL-specific headers, you cannot use the x-amz-acl header to set a 48// canned ACL. These parameters map to the set of permissions that Amazon S3 49// supports in an ACL. For more information, see Access Control List (ACL) Overview 50// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). You specify 51// each grantee as a type=value pair, where the type is one of the following: 52// 53// * id 54// – if the value specified is the canonical user ID of an AWS account 55// 56// * uri – if 57// you are granting permissions to a predefined group 58// 59// * emailAddress – if the 60// value specified is the email address of an AWS account Using email addresses to 61// specify a grantee is only supported in the following AWS Regions: 62// 63// * US East (N. 64// Virginia) 65// 66// * US West (N. California) 67// 68// * US West (Oregon) 69// 70// * Asia Pacific 71// (Singapore) 72// 73// * Asia Pacific (Sydney) 74// 75// * Asia Pacific (Tokyo) 76// 77// * Europe 78// (Ireland) 79// 80// * South America (São Paulo) 81// 82// For a list of all the Amazon S3 83// supported Regions and endpoints, see Regions and Endpoints 84// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the AWS 85// General Reference. 86// 87// For example, the following x-amz-grant-write header grants 88// create, overwrite, and delete objects permission to LogDelivery group predefined 89// by Amazon S3 and two AWS accounts identified by their email addresses. 90// x-amz-grant-write: uri="http://acs.amazonaws.com/groups/s3/LogDelivery", 91// id="111122223333", id="555566667777" 92// 93// You can use either a canned ACL or specify 94// access permissions explicitly. You cannot do both. Grantee Values You can 95// specify the person (grantee) to whom you're assigning access rights (using 96// request elements) in the following ways: 97// 98// * By the person's ID: 99// <>ID<><>GranteesEmail<> DisplayName is optional and ignored in the request 100// 101// * 102// By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<> 103// 104// * By 105// Email address: <>Grantees@email.com<>lt;/Grantee> The grantee is resolved to the 106// CanonicalUser and, in a response to a GET Object acl request, appears as the 107// CanonicalUser. Using email addresses to specify a grantee is only supported in 108// the following AWS Regions: 109// 110// * US East (N. Virginia) 111// 112// * US West (N. 113// California) 114// 115// * US West (Oregon) 116// 117// * Asia Pacific (Singapore) 118// 119// * Asia Pacific 120// (Sydney) 121// 122// * Asia Pacific (Tokyo) 123// 124// * Europe (Ireland) 125// 126// * South America (São 127// Paulo) 128// 129// For a list of all the Amazon S3 supported Regions and endpoints, see 130// Regions and Endpoints 131// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the AWS 132// General Reference. 133// 134// Related Resources 135// 136// * CreateBucket 137// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) 138// 139// * 140// DeleteBucket 141// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) 142// 143// * 144// GetObjectAcl 145// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html) 146func (c *Client) PutBucketAcl(ctx context.Context, params *PutBucketAclInput, optFns ...func(*Options)) (*PutBucketAclOutput, error) { 147 if params == nil { 148 params = &PutBucketAclInput{} 149 } 150 151 result, metadata, err := c.invokeOperation(ctx, "PutBucketAcl", params, optFns, addOperationPutBucketAclMiddlewares) 152 if err != nil { 153 return nil, err 154 } 155 156 out := result.(*PutBucketAclOutput) 157 out.ResultMetadata = metadata 158 return out, nil 159} 160 161type PutBucketAclInput struct { 162 163 // The bucket to which to apply the ACL. 164 // 165 // This member is required. 166 Bucket *string 167 168 // The canned ACL to apply to the bucket. 169 ACL types.BucketCannedACL 170 171 // Contains the elements that set the ACL permissions for an object per grantee. 172 AccessControlPolicy *types.AccessControlPolicy 173 174 // The base64-encoded 128-bit MD5 digest of the data. This header must be used as a 175 // message integrity check to verify that the request body was not corrupted in 176 // transit. For more information, go to RFC 1864. 177 // (http://www.ietf.org/rfc/rfc1864.txt) For requests made using the AWS Command 178 // Line Interface (CLI) or AWS SDKs, this field is calculated automatically. 179 ContentMD5 *string 180 181 // The account ID of the expected bucket owner. If the bucket is owned by a 182 // different account, the request will fail with an HTTP 403 (Access Denied) error. 183 ExpectedBucketOwner *string 184 185 // Allows grantee the read, write, read ACP, and write ACP permissions on the 186 // bucket. 187 GrantFullControl *string 188 189 // Allows grantee to list the objects in the bucket. 190 GrantRead *string 191 192 // Allows grantee to read the bucket ACL. 193 GrantReadACP *string 194 195 // Allows grantee to create, overwrite, and delete any object in the bucket. 196 GrantWrite *string 197 198 // Allows grantee to write the ACL for the applicable bucket. 199 GrantWriteACP *string 200} 201 202type PutBucketAclOutput struct { 203 // Metadata pertaining to the operation's result. 204 ResultMetadata middleware.Metadata 205} 206 207func addOperationPutBucketAclMiddlewares(stack *middleware.Stack, options Options) (err error) { 208 err = stack.Serialize.Add(&awsRestxml_serializeOpPutBucketAcl{}, middleware.After) 209 if err != nil { 210 return err 211 } 212 err = stack.Deserialize.Add(&awsRestxml_deserializeOpPutBucketAcl{}, middleware.After) 213 if err != nil { 214 return err 215 } 216 if err = addSetLoggerMiddleware(stack, options); err != nil { 217 return err 218 } 219 if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { 220 return err 221 } 222 if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { 223 return err 224 } 225 if err = addResolveEndpointMiddleware(stack, options); err != nil { 226 return err 227 } 228 if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { 229 return err 230 } 231 if err = addRetryMiddlewares(stack, options); err != nil { 232 return err 233 } 234 if err = addHTTPSignerV4Middleware(stack, options); err != nil { 235 return err 236 } 237 if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { 238 return err 239 } 240 if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { 241 return err 242 } 243 if err = addClientUserAgent(stack); err != nil { 244 return err 245 } 246 if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { 247 return err 248 } 249 if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { 250 return err 251 } 252 if err = addOpPutBucketAclValidationMiddleware(stack); err != nil { 253 return err 254 } 255 if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutBucketAcl(options.Region), middleware.Before); err != nil { 256 return err 257 } 258 if err = addMetadataRetrieverMiddleware(stack); err != nil { 259 return err 260 } 261 if err = addPutBucketAclUpdateEndpoint(stack, options); err != nil { 262 return err 263 } 264 if err = addResponseErrorMiddleware(stack); err != nil { 265 return err 266 } 267 if err = v4.AddContentSHA256HeaderMiddleware(stack); err != nil { 268 return err 269 } 270 if err = disableAcceptEncodingGzip(stack); err != nil { 271 return err 272 } 273 if err = addRequestResponseLogging(stack, options); err != nil { 274 return err 275 } 276 if err = smithyhttp.AddContentChecksumMiddleware(stack); err != nil { 277 return err 278 } 279 return nil 280} 281 282func newServiceMetadataMiddleware_opPutBucketAcl(region string) *awsmiddleware.RegisterServiceMetadata { 283 return &awsmiddleware.RegisterServiceMetadata{ 284 Region: region, 285 ServiceID: ServiceID, 286 SigningName: "s3", 287 OperationName: "PutBucketAcl", 288 } 289} 290 291// getPutBucketAclBucketMember returns a pointer to string denoting a provided 292// bucket member valueand a boolean indicating if the input has a modeled bucket 293// name, 294func getPutBucketAclBucketMember(input interface{}) (*string, bool) { 295 in := input.(*PutBucketAclInput) 296 if in.Bucket == nil { 297 return nil, false 298 } 299 return in.Bucket, true 300} 301func addPutBucketAclUpdateEndpoint(stack *middleware.Stack, options Options) error { 302 return s3cust.UpdateEndpoint(stack, s3cust.UpdateEndpointOptions{ 303 Accessor: s3cust.UpdateEndpointParameterAccessor{ 304 GetBucketFromInput: getPutBucketAclBucketMember, 305 }, 306 UsePathStyle: options.UsePathStyle, 307 UseAccelerate: options.UseAccelerate, 308 SupportsAccelerate: true, 309 TargetS3ObjectLambda: false, 310 EndpointResolver: options.EndpointResolver, 311 EndpointResolverOptions: options.EndpointOptions, 312 UseDualstack: options.UseDualstack, 313 UseARNRegion: options.UseARNRegion, 314 }) 315} 316